Data processing system

ABSTRACT

The present invention provides for a server computer, a data processing system and an access control system. Data related to items that are supposed to be in the possession of an employee is retrieved from distributed data sources. A web page is generated using these data values for the employee&#39;s information and review. These data values can be stored on a chip card that is used for access control and/or control of the circulation of items within the premises of a company.

FIELD OF THE INVENTION

The present invention relates to the field of data processing forproviding and maintaining user specific information, and moreparticularly without limitation to access control systems.

BACKGROUND AND PRIOR ART

Various organisations in the fields of business and administration facean enormous task of maintaining and controlling large inventories ofitems that are required by their employees to perform their respectiveduties. To facilitate check-in/check-out, inventorying, and theftcontrol of such items it is known to use bar codes and/or sensitisablemagnetic strips. The bar codes allow the items to be quickly identifiedusing a scanner. The magnetic strip is used in conjunction with amagnetic detection device for theft control. The magnetic strip isnormally sensitised. When an item is checked-out, the magnetic strip isde-sensitised. When the item is returned, the magnetic strip isre-sensitised. The magnetic detection device triggers an alarm if anattempt is made to pass through a controlled access carrying an articlewith a sensitised magnetic strip.

As an alternative to bar codes and sensitisable magnetic strips usage ofRFID tags is known from the prior art. U.S. Pat. No. 6,693,539 shows aninventory system using articles with RFID tags. Each RFID tag has aunique identification or serial number for identifying the individualarticle. An inventory database tracks all of the tag articles andmaintains circulation status information for each article. Articles arechecked out using a self-checkout system.

U.S. Pat. No. 6,169,483 shows a self-checkout/self-check-in RFID andelectronics article surveillance system. RFID tags on the articles areread for updating an inventory database.

U.S. Pat. No. 4,583,083 shows a checkout station to reduce retail theft.For theft prevention the retail items have theft prevention indicatorsfor detection of the presence of any such items in the possession of ashopper.

Usage of such electronic prior art systems for the purpose ofinventorying items in the possession of employees and for the purpose ofemployee theft prevention is limited as such electronic systems are notdesigned for use in a business environment. As a consequence manybusiness organisations lack an efficient and precise inventoryingprocedure regarding items in the possession of employees.

Usually inventorying of such items is only performed as a part of anemployee separation checkout procedure. The employee separation checkoutprocedure often involves filling out a paper form listing the itemsreturned by the employee. This has the further disadvantage that itplaces the burden of keeping track of the items provided from theemployer to its employee on the employee himself or herself. The sameproblem occurs when a business organisation moves to another location asthis requires that inventorying is performed.

SUMMARY OF THE INVENTION

In accordance with the present invention a server computer is providedthat has means for generating user specific web pages for a plurality ofusers. Each user has a user identifier. For example, an employee numbercan be used as such a user identifier. Each web page has a user specificset of data fields, such as for showing the items that are supposed tobe in the possession of the respective user.

Data source identifiers of data sources that can provide user specificdata values for the data fields are stored in order to access the datasources in response to receipt of one of the user identifiers. Therespective set of data sources provides the data values for the datafields of the user specific web page.

Various data sources can be used for providing the data values. Forexample, a relational database, such as SAP R/3 can be used as a datasource. A pre-defined database query is assigned to the data sourceidentifier for retrieval of the data value of interest. As analternative or in addition one or more web services can be used as datasources. The uniform resource locators (URLs) of the web services areused as data source identifiers in order to obtain the required datavalues using a request-response protocol such as HTTP or HTTPS.Alternatively or in addition various other data sources can be used,such as spreadsheets or the like.

In accordance with a further preferred embodiment of the invention eachdata source has an assigned link or email address. By means of the linkor email address a user can send a message requesting a modification ofone or more of the data values or other services such as replacement ofa lost or stolen item.

The present invention is particularly advantageous as it provides anefficient means for keeping track of the items in the possession of anemployee. This is particularly useful when the information regarding theitems in the possession of the employee are spread over various datasources. Another advantage of the present invention is that the employeeis released from the task of having to keep track of the items providedto him or her from, the employer. And employee can access the servercomputer which provides an employee specific web page showing all itemsthat are supposed to be in the possession of the employee. If one of theitems needs to be replaced, is lost or stolen, the employee can enter acorresponding message or request which is sent to the respectiveorganisational entity of the company.

In accordance with a preferred embodiment of the invention the employeedoes not need to manually enter his or her employee number. The employeenumber is stored on an integrated circuit chip card and is automaticallyentered into the employee's client computer using an integrated circuitchip card reader.

In accordance with a further preferred embodiment of the invention acopy of the data values provided by the data sources is stored on thechip card. This facilitates usage of the present invention for thepurpose of access control to an access controlled area.

In accordance with a further preferred embodiment of the invention theaccessed controlled area has a checkpoint with a computer that iscoupled to a card reader for reading the data values from the chip card.An employee that requests to enter into or exit from the accesscontrolled area and who carries an item, such as a laptop computer or amobile telephone, needs to present the item or items at a reception deskfor comparison with the data values. If the identifier of an itemmatches the respective data value read from the chip card, the employeeis allowed to carry the item with him or her, from or to the accesscontrolled area. This is useful not only for the purpose of employeetheft prevention but also for controlling the circulation of potentiallyhazardous materials or substances.

In accordance with a further preferred embodiment of the invention thecomparison of the item identifier and the respective data value readfrom the chip card is done automatically. For this purpose the computerthat is located at the checkpoint is coupled to a bar code reader forreading a bar code that is attached to the item. The bar code stores theidentifier of the item that is compared with the respective data valueread from the chip card by the computer. When the identifiers and therespective data values match the computer outputs a door release signalin order to open an automatic door for entry or exit from or to theaccess controlled area.

BRIEF DESCRIPTION OF THE DRAWINGS

In the following preferred embodiments of the invention will bedescribed in greater detail by way of example only by making referenceto the drawings in which:

FIG. 1 is a block diagram of a preferred embodiment of a data processingsystem of the invention,

FIG. 2 shows a user specific web page that is generated by the portalserver of the data processing system of FIG. 1,

FIG. 3 shows another example for a user specific web page,

FIG. 4 is a flowchart illustrating a preferred embodiment of the methodof the invention,

FIG. 5 is a flowchart illustrating entering a service request,

FIG. 6 is a block diagram of a preferred embodiment of an access controlsystem of the invention that uses the data processing system of FIG. 1,

FIG. 7 is a preferred embodiment of the access control system using abar code scanner and an automatic door.

DETAILED DESCRIPTION

FIG. 1 shows data processing system 100 that has portal server 102.Portal server 102 has processor 104 for execution of computer program106. Computer program 106 serves for generating a user specific web pagein response to receipt of a respective request carrying a useridentifier. Portal server 102 has storage 108 for storing master datatable 110 and personalisation table 112. The master data table 110serves for storage of all fieldnames and field identifiers (IDs) of datafields that can occur in a web page generated by computer program 106.

When data processing system 110 is used for tracking and inventorying ofitems in the possession of employees there is a fieldname and respectivefield ID for each item or class of items that can be in the possessionof one or more of the employees. In the example considered here suchitems include a laptop computer such that master data table 110 has arespective fieldname ‘laptop’ with field ID ‘A’. Likewise they arefieldnames and respective field IDs for ‘mobile phone’, ‘car’, ‘key’,‘software licence’, ‘printer’, . . .

In addition master data table 110 indicates a service request addressfor each data field. The service request address is a link or emailaddress that can be used for contacting an organisational entity of thecompany that is responsible for the respective item. For example, forthe data fields ‘laptop’ and ‘software licence’ the respective servicerequest address in an URL or email address of the company's internal orexternal information technology (IT) support. For ‘mobile phone’ a linkor an email address of the company's purchase department is given; for‘car’ a link or email address of the company's fleet management thatmanages purchase and maintenance of the company's cars is given; for‘key’ a link or email address to the company's facility management isgiven in master data table 110.

Personalisation table 112 has an entry for each registered employee. Forexample employee ‘Peter Smith’ has employee number ‘XY67’. The employeenumber is used as a user identifier for the purpose of data processingsystem 100 in the embodiment considered here. It is to be noted thatother unique identifiers can be used instead of, or in addition, to theemployee number.

Further, personalisation table 112 lists the field IDs of fieldnamescorresponding to items that are supposed to be in the possession of therespective employee. Each field ID has an assigned data sourceidentifier that identifies a data source for providing a data value forthe respective field. In the example considered here employee ‘PeterSmith’ has a laptop computer, a software licence for his home officecomputer and a printer for his laptop computer amongst other items.Information regarding Peter Smith's laptop computer is stored inrelational database (RD) 114. The field ID ‘A’ given in personalisationtable 112 for employee ‘Peter Smith’ has assigned the corresponding datasource identifier RD that identifies relational database 114 as a datasource for information regarding the laptop computer that is supposed tobe in the possession of employee Peter Smith. In addition the datasource identifier has an assigned pre-defined query for queryingrelational database 114 in order to provide the respective informationregarding the laptop computer.

Information regarding Peter Smith's software licence is stored indatabase 116 that is accessible through web service 118. The data sourceprovided by web service 118 is identified by a uniform resource locator(URL) of the web service. This URL is assigned to the field ID ‘E’ thatis entered in personalisation table 112 for employee Peter Smith.

Information regarding the printer that is supposed to be in thepossession of Peter Smith is stored in spreadsheet (SS) 120 stored oncomputer 122. A corresponding data source identifier SS is assigned tofield ID ‘F’ that is entered in personalisation table 112 for employeePeter Smith. Employee ‘George Miller’ may have other items in hispossession. This is reflected by corresponding entries in the FieldID/Data source ID column of personalisation table 112 for employee‘George Miller’. The same applies analogously for all other employeesthat are registered. The data stored in personalization table 112 can beentered and modified only by authorized personnel of the company.

Relational database 114, computer 122 and web service 118 are coupled toportal server 102 by means of network 124. For example, network 124 is acomputer network, such as the Internet, an intranet or an extranet. Theclient computers of the employees of the company that runs dataprocessing system 100 are also coupled to network 124. FIG. 1 shows oneof these client computers 126 by way of example.

Client computer 126 has browser program 128, such as Microsoft InternetExplorer or Netscape Navigator. Further, client computer 126 hasinterface 130 for communication with integrated chip card reader 132.Card reader 132 serves to receive integrated chip card 134 that hasnon-volatile memory 136.

Relational database 114 has a number of relational database tables 138for storing of various company data such as human resources data,financial data, logistic data and/or other data. Preferably SAP R/3 isused for implementation of relational database 114.

In the following usage of data processing system 100 by employee PeterSmith is considered by way of example. The employee Peter Smith insertshis employee chip card 134 into card reader 132. The employee chip card134 is personalised and stores Peter Smith's employee number ‘XY67’ inits non-volatile memory 136. The employee Peter Smith starts browserprogram 128 on his client computer 126 and selects the URL of portalserver 102. In response Peter Smith is prompted to enter his employeenumber. Preferably the entry of his employee number is performedautomatically by the client computer 126 by reading the employee numberfrom the non-volatile memory 136 via the card reader 132 by means ofinterface 130.

The employee number is sent as HTTP request 140 from client computer 126to portal server 102 and is received by computer program 106. Computerprogram 106 uses the employee number received by means of HTTP request140 as a key for reading the respective entries for employee Peter Smithfrom personalisation table 112. Computer program 106 reads the entriesfrom the column Field ID/Data source ID for accessing the identifieddata sources.

In particular, the computer program 106 sends database query 142 torelational database 114 corresponding to the (A/RD, query) entry forPeter Smith in personalisation table 112. Likewise computer program 106sends HTTP request 144 to web service 118 using the URL assigned tofield ID ‘E’ in the respective entry of personalisation table 112.Likewise computer program 106 sends query 146 to spreadsheet 120 inaccordance with the (F/SS, query) entry.

In response computer program 106 receives the data values 148, 150 and152 for data fields A, E and F from relational database 114, web service118 and spreadsheet 120, respectively. These data values, master datatable 110 and personalisation table 112 provide the data that is used bycomputer program 106 to generate a web page that is specific for PeterSmith and that shows the items that are supposed to be in the possessionof Peter Smith and details describing such items. The web page 154 isreceived by client computer 126 and is displayed by browser program 128.

FIG. 2 shows a schematic example for the layout of web page 154. Webpage 154 presents the information regarding items that are supposed tothe in the possession of Peter Smith in tabular form by giving ‘itemname’, ‘item value’, ‘item location’ and ‘item ID’ for each such item.In addition the respective service request address is given for eachitem. This facilitates a user's entry of a respective request ornotification, for example to report a loss of one of the items, or torequest a service such as changing the winter tyres of his company caragainst summer tires.

The information contained in web page 154 can also be accessed by theemployee's supervisor. FIG. 3 shows a corresponding example for arespective web page 156. For example, George Miller is the supervisor ofPeter Smith.

When George Miller uses his client computer to access portal server 102he enters his employee number either manually or automatically using hischip card. Portal server 102 queries relational database 114 in order todetermine George Miller's role. As George Miller is a supervisor therespective database query also returns the employees that are managed byGeorge Miller. George Miller he has the option to either generate a webpage of the type as shown in FIG. 2 for his own purposes or to generatethe web page 156 for viewing the respective information concerning theemployees under his span of control as he has role “supervisor”.

If George Miller chooses the latter option web page 156 is generated anddisplayed by the browser of George Miller's client computer. Web page156 has table 158 that shows the employees that are managed by GeorgeMiller. In addition the table 158 shows the location and the cost centreof the respective employees.

George Miller can select one of the employees shown in table 158 byusing the respective check boxes. In the example considered hereemployee ‘Meads,Raphael’ is selected. Table 160 of web page 156 showsthe respective details of items that are supposed to be in thepossession of this employee.

The items are categorised in ‘fixed assets’ and ‘equipment’. Each itemhas a short description, an object ID, an indication of its place orlocation, the total of the respective costs in US dollars, the remaininguseful lifetime in months, and the cost centre or internal order.

FIG. 4 shows a flowchart illustrating a preferred mode of operation ofthe data processing system of FIG. 1. In step 400 an employee enters hisor her employee number into one of the client computer systems. As analternative to the manual input operation the employee inserts his orher chip card into a card reader coupled to the client computer suchthat the employee number stored on the card is read and entered into theclient computer automatically. In step 404 the employee number istransmitted to the portal server by means of a HTTP request. In responseto the HTTP request with the employee number the portal server performsaccess operations to the data sources as identified by the data sourceidentifiers in the personalisation table (cf. personalisation table 112of FIG. 1).

In step 410 the portal server receives the field values as requestedfrom the data sources and generates a user specific web page using thesedata values in step 412. The web page is transmitted and displayed onthe client computer in step 414 for the employee's information andreview. In addition a copy of the field IDs and their assigned fieldvalues is stored on the chip card (step 416). Alternatively the fieldIDs and assigned field values are updated if the procedure has beenperformed previously.

FIG. 5 illustrates how the employee can utilise the user specific webpage for requesting service. In step 500 the employee selects one of thedata fields shown in the web page. For example, this can be done bydouble clicking on the selected data field, which opens a dialoguewindow for entering a service request (step 502). In step 504 a messagewith the service request entered in step 502 is sent to theorganisational entity as identified by the service request addressassigned to the selected data field.

FIG. 6 shows an access control system 600 for controlling access to anaccess controlled area such as the premises of the company. The accesscontrol system 600 uses the data processing system 100 as shown in FIG.1 for implementing access control. The chip card 134 stores a copy ofthe field IDs and assigned field values of the employee whose employeenumber is also stored in the non-volatile memory 136 of the chip card134. (cf. step 416 of FIG. 4).

Access control system 600 has at least one checkpoint 602 for controlledentry or exit into or out of the controlled area. The checkpoint 602 hasreception desk 604 and a computer 606 for running computer program 608.The computer 606 has interface 610 for communicating with chip card 134via card reader 612. Further, monitor 614 is coupled to computer 606.

In operation employee 616 requests entry or exit from the accesscontrolled area by presenting himself or herself at reception desk 604.The employee 616 carries chip card 134 and at least one item 618. Theemployee 616 gives his chip card 134 to security guard 620 who insertsthe chip card 134 into card reader 612. This invokes program 608 whichreads the data stored in the memory 136 via card reader 612 by means ofinterface 610 and displays the data on monitor 614.

Security guard 620 checks whether the item 618 is listed among the itemsshown on monitor 614 that are authorised to be in the possession ofemployee 616. For example item 618 has an object ID that is printed on alabel. The same object ID needs to appear on monitor 614. If this is thecase the employee 616 is allowed entry or access into or from the accesscontrolled area with the item 618.

This is useful for theft prevention of valuable equipment, such aslaptop computers and the like. Another preferred application is thecontrol of the circulation of potentially hazardous material, substancesor equipment.

FIG. 7 shows an alternative embodiment of the access control system 600.Elements of FIG. 7 that correspond to elements of FIG. 6 are designatedby the same reference numerals.

In the embodiment of FIG. 7 bar code scanner 700 is coupled to computer606 that has interface 702 for receiving bar code information from barcode scanner 700.

Checkpoint 602 has automatic door 704 that provides an entry and/or exitpoint to and/or from the access controlled area. The door 704 has anautomatic door release device 706 that is controlled by computer 606.

In operation the employee 616 inserts his or her chip card 134 into cardreader 612 and places item 618 on bar code scanner 700. The program 608compares the object ID read from the bar code of item 618 by bar codescanner 700 and the respective object ID read from the memory 136 of thechip card 134. If the scanned-in object ID and the respective data valuestored on the chip card 134 match, computer 606 outputs a door releasesignal for door release device 706 in order to open the automatic door704.

LIST OF REFERENCE NUMERALS

-   100 data processing system-   102 portal server-   104 processor-   106 computer program-   108 storage-   110 master data table-   112 personalisation table-   114 relational database-   116 database-   118 web service-   120 spreadsheet-   122 computer-   124 network-   126 client computer-   128 browser program-   130 interface-   132 card reader-   134 chip card-   136 memory-   138 database table-   140 HTTP request-   142 query-   144 HTTP request-   146 query-   148 data values-   150 data values-   152 data values-   154 web page-   156 web page-   158 table-   160 table-   600 access control system-   602 checkpoint-   604 reception desk-   606 computer-   608 program-   610 interface-   612 card reader-   614 monitor-   616 employee-   618 item-   620 security guard-   700 bar code scanner-   702 interface-   704 door-   706 door release device

1-44. (canceled)
 45. A computer system for generating user-specific webpages for a plurality of users, the computer system comprising: astorage device that stores a set of instructions; and at least oneprocessor that is configured, by execution of the set of instructions,to perform the following operations: receive a user identifier from aclient computer; determine a supervisory role associated with the useridentifier; retrieve, from the storage device, supervisor-specific dataincluding at least one supervised user associated with the supervisoryrole and a plurality of items in possession of the supervised user; andgenerate a supervisory role web page including data fields, the datafields comprising the supervisor-specific data.
 46. The computer systemof claim 45, wherein the supervisor-specific data includes at least oneof a location of the items, a cost of the items, or a remaining lifetimeof the items.
 47. The computer system of claim 45, wherein the at leastone processor is further adapted, by execution of the set ofinstructions, to perform the following operation: retrieve, from thestorage device, a plurality of items in possession of a user associatedwith the user identifier.
 48. The computer system of claim 47, whereinthe at least one processor is further adapted, by execution of the setof instructions, to perform the following operation: generate auser-specific web page including user-specific data fields, theuser-specific data fields comprising at least one of the plurality ofitems in possession of the user associated with the user identifier. 49.The computer system of claim 45, wherein the user associated with theuser identifier is a supervisory user.
 50. The computer system of claim49, wherein the at least one supervised user is an employee of thesupervisory user.
 51. A computer-implemented method for generatinguser-specific web pages for a plurality of users, the method comprising:receiving a user identifier from a client computer; determining asupervisory role associated with the user identifier; retrieving, by atleast one processor, supervisor-specific data reflecting at least onesupervised user associated with the supervisory role and a plurality ofitems in possession of the supervised user; and generating, by the atleast one processor, a supervisory role web page including data fields,the data fields comprising the supervisor-specific data reflecting thesupervised user and the corresponding plurality of items in thepossession of the supervised user.
 52. The method of claim 51, whereinthe supervisor-specific data includes at least one of a location of theitems, a cost of the items, or a remaining lifetime of the items. 53.The method of claim 51, further comprising: retrieving, from a storagedevice, a plurality of items in possession of a user associated with theuser identifier.
 54. The method of claim 53, further comprising:generating a user-specific web page including user-specific data fields,the user-specific data fields comprising at least one of the pluralityof items in possession of the user associated with the user identifier.55. The method of claim 51, wherein the user associated with the useridentifier is a supervisory user.
 56. The method of claim 55, whereinthe at least one supervised user is an employee of the supervisory user.57. A computer program product comprising a non-transitorycomputer-readable storage medium, the non-transitory computer-readablestorage medium storing a set of instructions, that when executed by aprocessor, cause the processor to: receive a user identifier from aclient computer; determine a supervisory role associated with the useridentifier; retrieve supervisor-specific data reflecting at least onesupervised user associated with the supervisory role and a plurality ofitems in possession of the supervised user; and generate a supervisoryrole web page including data fields, the data fields comprising thesupervisor-specific data reflecting the supervised user and thecorresponding plurality of items in the possession of the superviseduser.
 58. The computer program product of claim 57, wherein thesupervisor-specific data includes at least one of a location of theitems, a cost of the items, or a remaining lifetime of the items. 59.The computer program product of claim 57, further comprisinginstructions, that when executed by a processor, cause the processor to:retrieve, from a storage device, based on the received user identifier,a plurality of items in possession of a user associated with the useridentifier.
 60. The computer program product of claim 59, furthercomprising instructions, that when executed by a processor, cause theprocessor to: generate a user-specific web page including user-specificdata fields, the user-specific data fields comprising at least one ofthe plurality of items in possession of the user associated with theuser identifier.
 61. The computer program product of claim 57, whereinthe user associated with the user identifier is a supervisory user. 62.The computer program product of claim 61, wherein the at least onesupervised user is an employee of the supervisory user.